SOPHOS WEB APPLIANCE
Sawmill is a Sophos Web Appliance log analyzer (it also supports the 1021 other log formats listed to the left).
It can process log files
in Sophos Web Appliance format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Sophos Web Appliance logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Sophos Web Appliance log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Sophos Web Appliance, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
| date/time | | date_time |
| day of week | | day_of_week |
| hour of day | | hour_of_day |
| remote host | | remote_host |
| location | | location |
| remote user | | remote_user |
| http status code | | http_status_code |
| connection status | | connection_status |
| action code | | action_code |
| matched URL category | | matched_uri_category |
| reason code | | reason_code |
| threat | | threat |
| mime type | | mime_type |
| content type | | content_type |
| antivirus engine version | | antivirus_engine_version |
| antivirus data version | | antivirus_data_version |
| URI list version | | uri_list_version |
| cache | | cache |
| HTTP method | | http_method |
| referrer | | referrer |
| web browser | | web_browser |
| operating system | | operating_system |
| URI | | uri |
| protocol | | protocol |
| file type | | file_type |
| worm | | worm |
| domain | | domain |
| filetype category | | filetype_category |
| policy rule ID | | policy_rule_id |
| source category | | src_cat |
Sawmill stores the following numerical fields in its database for Sophos Web Appliance, aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
| events | | events |
| bytes in | | bytes_in |
| bytes out | | bytes_out |
| request time (us) | | request_time_microseconds |
| request time (s) | | request_time_seconds |
| access checks time | | access_checks_time |
| file typing time | | file_typing_time |
| scanning time | | scanning_time |
| file size | | file_size |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Sophos Web Appliance reports.
Sawmill also supports 1021 other log formats.